Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Resource not accessible by integration" #10

Open
AstraLuma opened this issue Sep 3, 2019 · 62 comments
Open

"Resource not accessible by integration" #10

AstraLuma opened this issue Sep 3, 2019 · 62 comments

Comments

@AstraLuma
Copy link

https://github.com/ppb/pursuedpybear/pull/359/checks?check_run_id=211188070

https://github.com/ppb/pursuedpybear/blob/master/.github/workflows/greetings.yml

@JJ
Copy link

JJ commented Oct 23, 2019

This happens as soon as the person creating the PR does not have permission to the repository. I've been all day with this, and there does not seem to be a solution. Same problem as here actions/labeler#12.

@AstraLuma
Copy link
Author

Eh? Actions run under their own credentials, not as a user??

@JJ
Copy link

JJ commented Oct 26, 2019

Actions run as an user, but when they are running in a fork there are potential security problems, so they are degraded to "read-only"

@AstraLuma
Copy link
Author

I'm confused. This is an action configured in the main repo for a PR in the main repo?

@AstraLuma
Copy link
Author

AstraLuma commented Oct 28, 2019

Oh, PR events are sent to the fork under the source branch, not to to the target repo/branch?

@mangelajo
Copy link

Ok, github needs to fix this. I'm facing the same thing while trying to create an action.

@kaxil
Copy link

kaxil commented Jan 6, 2020

We faced similar issue when trying to use greeting for Airflow project (https://github.com/apache/airflow). So we developed a Github app which is working well for us in case someone faces similar issue:

https://github.com/kaxil/boring-cyborg

@joshgoebel
Copy link

joshgoebel commented Mar 3, 2020

Is this the same issue as with labeler? actions/labeler#50

If so, can the same solution also be applied (at least as a stopgap)? Very frustrating that Github seems to push these actions hard in their UI but then they don't work with the most common use case on GitHub for OSS projects.

@gunnsth
Copy link

gunnsth commented Mar 4, 2020

Getting this too: https://github.com/unidoc/unipdf/pull/269/checks?check_run_id=486244746
Would make sense to skip the action if needed resources are not available? Or an option to make it required/optional. Some actions might be required, but a greeting hardly, but this is flagging a valid PR as failing due to this.

@joshgoebel
Copy link

Some actions might be required, but a greeting hardly, but this is flagging a valid PR as failing due to this.

Yes, very good point also. Not all actions are created equal (in that they should kill the whole workflow from moving forward).

@Borda
Copy link

Borda commented Mar 9, 2020

@joshgoebel
Copy link

joshgoebel commented Apr 19, 2020

Anyone alive here: Is this the same issue as with labeler? actions/labeler#50

I added this to a project but I guess I'm about to rip it out - the use case seems extremely limited - not at all suited for large OSS projects with many contributors. And those are exactly the projects where this type of thing would be most helpful.

@Ecco
Copy link

Ecco commented Apr 19, 2020

Unfortunately this is not specific to a given action / repository.

Anyone hit by this, please read this long comment I wrote and feel free to upvote it.

omurilo added a commit to lucasmontano/twitch that referenced this issue May 7, 2020
Because a creator of PR not have write permission on repository, this actions fail on all the PR created by community.

This bug it is related on actions/first-interaction#10
omurilo added a commit to lucasmontano/twitch that referenced this issue May 7, 2020
Because a creator of PR not have write permission on repository, this actions fail on all the PR created by community.

This bug it is related on actions/first-interaction#10
Bouni pushed a commit to Bouni/python-luxtronik that referenced this issue Jul 22, 2023
According to actions/first-interaction#10 (comment), this should fix the issue with the failing of pytest on pull requests from forks.
miniTalDev added a commit to miniTalDev/yolov5-lip-detection that referenced this issue Aug 6, 2023
Should resolve "Resource not accessible by integration" error message.

actions/first-interaction#10 (comment)
BlazingTwist added a commit to BlazingTwist/Clean-Code-Development-Jchess that referenced this issue Dec 4, 2023
@barbaracabral
Copy link

I had the same issue executing the Zap Action code scan with docker config: https://github.com/zaproxy/action-api-scan

risvh added a commit to risvh/OneLifeData7 that referenced this issue Mar 26, 2024
…ccess to our repo

Relevant read:

Resource not accessible by integration
actions/first-interaction#10 (comment)
actions/first-interaction#10 (comment)

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
connorhsm pushed a commit to twohoursonelife/OneLifeData7 that referenced this issue Apr 8, 2024
…ccess to our repo

Relevant read:

Resource not accessible by integration
actions/first-interaction#10 (comment)
actions/first-interaction#10 (comment)

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
Wowlian added a commit to Wowlian/linkedin-skill-assessments-quizzes that referenced this issue May 27, 2024
@HakunMatat4
Copy link

I have crossed this problem and the solution was nothing but ironic.
After searching for the error message, I crossed this code block that somehow made into the action I was working on but I never noticed it until now.

I tried setting extra permissions but in my case the action doesn't need it at all. I believe the id-token was messing everything and in my case, I removed that whole permissions block which no other action uses it and voila.
The workflow is processing 100% now.

permissions:
  id-token: write
  contents: read
  issues: write
  pull-requests: write

Sources:

  1. The hero: https://sjramblings.io/github-actions-resource-not-accessible-by-integration
  2. Oficial documentation: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github\_token

MichaelAnderson-AI added a commit to MichaelAnderson-AI/upwork-yolo-swift that referenced this issue Oct 23, 2024
Should resolve "Resource not accessible by integration" error message.

actions/first-interaction#10 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests